Security

Last updated June 2026

We take the security of your data seriously and build it in, rather than bolting it on.

Access and authentication

Sign-in is protected by passwords stored only as secure hashes, optional two-factor login, role-based access, and least privilege. A second secret is required for sensitive actions such as exporting or erasing data, so a stolen password alone cannot do harm.

Encryption and isolation

Data is encrypted in transit and at rest. Client data is isolated per account, and report downloads use signed links that expire.

Oversight and audit

Every meaningful action is recorded in a full activity log, so anything you did not do is visible immediately. Logs are scrubbed of secrets.

Honesty

No system can be called unbreachable, and we do not claim that. We make it genuinely secure, keep improving it, and tell you the truth about where it stands.